无法以非root用户身份运行Chef cron recipe

时间:2016-11-07 17:08:29

标签: chef chef-recipe

我正站在一个新的环境中,Chef节点必须以非root用户身份运行chef-client。 (我已为chef-user创建了rwx /etc/chef/个权限,client.rb每个another SO question指向正确的客户端密钥。)以下是我的测试配方:

cron "clientrun2m" do
  minute '*/2'
  command "/bin/chef-client"
  action :create
  user "chef-user"
end

当我以chef-user的身份登录目标节点时,我尝试(不成功)执行chef-client(不使用sudo)并获取以下信息。似乎错误是资源的聚合而与用户权限或私钥无关。 (我可以运行这个食谱,减去user "chef-user"行,并在另一个节点上sudo'd,没有问题。)任何想法为什么这个食谱对我的非root用户不起作用?

Installing Cookbook Gems:
Compiling Cookbooks...
Converging 2 resources
Recipe: cron-delvalidate2m::2min_cu
  * cron[clientrun2m] action create[2016-11-07T11:53:22-05:00] INFO: Processing cron[clientrun2m] action create (cron-delvalidate2m::2min_cu line 7)


    ================================================================================
    Error executing action `create` on resource 'cron[clientrun2m]'
    ================================================================================

    Chef::Exceptions::Cron
    ----------------------
    Error updating state of clientrun2m, exit: 1

    Resource Declaration:
    ---------------------
    # In /home/chef-user/.chef/cache/cookbooks/cron-delvalidate2m/recipes/2min_cu.rb

      7: cron "clientrun2m" do
      8:   minute '*/2'
      9:   command "/bin/chef-client"
     10:   action :create
     11:   user "chef-user"
     12: end
     13:

    Compiled Resource:
    ------------------
    # Declared in /home/chef-user/.chef/cache/cookbooks/cron-delvalidate2m/recipes/2min_cu.rb:7:in `from_file'

    cron("clientrun2m") do
      action [:create]
      retries 0
      retry_delay 2
      default_guard_interpreter :default
      minute "*/2"
      hour "*"
      day "*"
      month "*"
      weekday "*"
      command "/bin/chef-client"
      user "chef-user"
      declared_type :cron
      cookbook_name "cron-delvalidate2m"
      recipe_name "2min_cu"
    end

    Platform:
    ---------
    x86_64-linux

[2016-11-07T11:53:22-05:00] INFO: Running queued delayed notifications before re-raising exception

Running handlers:
[2016-11-07T11:53:22-05:00] ERROR: Running exception handlers
Running handlers complete
[2016-11-07T11:53:22-05:00] ERROR: Exception handlers complete
Chef Client failed. 0 resources updated in 01 seconds
[2016-11-07T11:53:22-05:00] INFO: Sending resource update report (run-id: 92566ddb-e078-44b2-b862-be34da4a18b4)
[2016-11-07T11:53:22-05:00] INFO: Unable to access cache at /var/chef. Switching cache to /home/chef-user/.chef
[2016-11-07T11:53:22-05:00] INFO: Unable to access cache at /var/chef. Switching cache to /home/chef-user/.chef
[2016-11-07T11:53:22-05:00] FATAL: Stacktrace dumped to /home/chef-user/.chef/cache/chef-stacktrace.out
[2016-11-07T11:53:22-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2016-11-07T11:53:22-05:00] ERROR: cron[clientrun2m] (cron-delvalidate2m::2min_cu line 7) had an error: Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1
[2016-11-07T11:53:22-05:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

引用的stacktrace.out文件在上面的第三行到最后一行中提到。

[chef-user@ip-10-0-0-230 ~]$ cat /home/chef-user/.chef/cache/chef-stacktrace.out
Generated at 2016-11-07 11:53:22 -0500
Chef::Exceptions::Cron: cron[clientrun2m] (cron-delvalidate2m::2min_cu line 7) had an error: Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:231:in `write_crontab'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:157:in `block in action_create'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/mixin/why_run.rb:52:in `add_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:176:in `converge_by'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:156:in `action_create'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:145:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource.rb:603:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:69:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `each'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:96:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:669:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `catch'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:703:in `converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:283:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:302:in `block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:255:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:243:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `loop'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:434:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:60:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/bin/chef-client:26:in `<top (required)>'
/bin/chef-client:54:in `load'
/bin/chef-client:54:in `<main>'

>>>> Caused by Chef::Exceptions::Cron: Error updating state of clientrun2m, exit: 1
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:231:in `write_crontab'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:157:in `block in action_create'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/mixin/why_run.rb:52:in `add_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:176:in `converge_by'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider/cron.rb:156:in `action_create'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/provider.rb:145:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource.rb:603:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:69:in `run_action'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block (2 levels) in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `each'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:97:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:94:in `block in execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:114:in `call_iterator_block'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:103:in `iterate'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/resource_collection/resource_list.rb:92:in `execute_each_resource'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/runner.rb:96:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:669:in `block in converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `catch'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:664:in `converge'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:703:in `converge_and_save'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/client.rb:283:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:302:in `block in fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:290:in `fork_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:255:in `block in run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/local_mode.rb:44:in `with_server_connectivity'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:243:in `run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `loop'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:450:in `interval_run_chef_client'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application/client.rb:434:in `run_application'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/lib/chef/application.rb:60:in `run'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.15.19/bin/chef-client:26:in `<top (required)>'
/bin/chef-client:54:in `load'

1 个答案:

答案 0 :(得分:0)

我找到了this open issue。当指定了非root用户时,Chef的cron提供程序无法与节点的crontab命令正确连接。修复可能在积压中。

对于我自己的用途,我需要让我的节点与非root用户一起运行。我能够破解一些自定义配方来复制我需要的功能。

Recipe1:将chef-client添加到crontab 

# Removes any crontab job of 'chef-client' before inserting the new 'chef-client' crontab job (for every 2 mins)
execute "clientrun2m" do
  command "crontab -l | grep -v chef-client | crontab - && (crontab -l; echo \"*/2 * * * * /bin/chef-client\") | crontab -"
  action :run
end

# Delete the validation.pem for security reasons
file "/etc/chef/validation.pem" do
  action :delete
end

从crontab中删除chef-client 

# Removes any crontab job of 'chef-client'
execute "clientrun2m" do
  command "crontab -l | grep -v chef-client | crontab -"
  action :run
end

# Delete the validation.pem for security reasons
file "/etc/chef/validation.pem" do
  action :delete
end
相关问题
最新问题